Running Web Services Over SSL (Secure Sockets Layer)


This section describes how to run Web services over SSL (Secure Sockets Layer). This technique allows you to encrypt a message payload and establish a connection with the SOAP Listener.


Provider and Consumer

iWay Service Manager allows you to run the SOAP listener on an SSL port, as well as consume Web services provided by a third-party server that is also listening on an SSL port. Consuming a “secured” Web service using the iWay Designer's Web Service object is straightforward. You must provide the WSDL file for the Web service you wish to consume. The SOAP end point defined in the WSDL file will most likely be using HTTPS as opposed to HTTP.

iSM takes on the role of an SSL client, as opposed to a standard HTTP client, when it tries to make the connection and is asked for a key. At this point, iSM looks into its global definitions area to see if any keystores have been defined to iSM.

A keystore can hold a private and public portion of the key. When iSM is communicating with a server that is running SSL, it will use the public key to authenticate itself, and send the encrypted SOAP request. To consume third-party external Web Services from iSM that reside on an SSL server and port, you must:


iSM SOAP Listener Working With SSL

Design time tools such as iWay Designer and iWay Explorer need to communicate with the SOAP listener but do not understand SSL. For this reason, you must create a new run-time SOAP listener that is secured, and you must retain the default SOAP listener for design time activity.

When creating the new SOAP listener, you can use the standard SOAP1 listener as a template and then perform the following steps:

  1. Change the default port number (9000) to whatever port you wish to use.

    Note: The default SSL port is 443.

  2. Add the full path to the keystore on your file system.
  3. Provide a valid password for your keystore.
  4. Specify the type of keystore.

    Note: If you are creating a keystore using iSM, the type will be JKS.

  5. Choose SSL as the Security Protocol.
  6. Enable client authentication (optional).

    Note: Enabling client authentication provides two-way SSL authentication, which typically is not done. It requires that your partner provides a certificate that you will add to the TrustStore.

  7. Save the SOAP listener configuration.
  8. Add the listener to a channel.
  9. Start the channel.

    For more information on how to build and use channels, see the iWay Service Manager User's Guide.

Now that you have two SOAP listeners, you will still use the SOAP1 listener (default port 9000) to make a connection with iWay Explorer. Using iWay Explorer, locate the components for which you wish to generate Web Services and then generate the necessary Web services.

Please note that as long as the same iSM repository is being used, the Web services that are created on one SOAP listener can be run on the other. To do this, view the WSDL file in your Web browser, for example:

https://host:443/license_name/webservice_name.ibs?wsdl

At the bottom of the WSDL file, the location has now changed from:

<soap:address location="http://cclaptop.ibi.com:9000/XDSOAPRouter"/>

to:

<soap:address location="https://cclaptop.ibi.com:443/XDSOAPRouter"/>

Note: You will need to save this as a file if you want to use it in iWay Designer to call the Web service from a process flow. iWay Designer does not support SSL connections to the iBSP or any secure Web server.
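
Before handing a saved WSDL file to a client or to iWay Designer, it is worth confirming that every SOAP end point in it points at the secured listener and not at the design-time one. The following check is an added example, not iWay code; the function name, the sample WSDL fragments, and the expected port are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# WSDL binding namespaces whose <address> element carries the end point URL.
SOAP_ADDRESS_TAGS = (
    "{http://schemas.xmlsoap.org/wsdl/soap/}address",    # SOAP 1.1
    "{http://schemas.xmlsoap.org/wsdl/soap12/}address",  # SOAP 1.2
)

def endpoint_report(wsdl_text, expected_port=None):
    """Return (location, problem) pairs for every SOAP end point in a WSDL.

    problem is None when the end point uses https (and the expected port,
    if one is given). The WSDL is assumed to come from your own listener;
    parse untrusted XML with a hardened parser such as defusedxml instead.
    """
    root = ET.fromstring(wsdl_text)
    report = []
    for tag in SOAP_ADDRESS_TAGS:
        for addr in root.iter(tag):
            location = addr.get("location", "")
            url = urlsplit(location)
            problem = None
            if url.scheme.lower() != "https":
                problem = "not https: request would travel unencrypted"
            elif expected_port is not None and (url.port or 443) != expected_port:
                problem = f"port {url.port or 443} != expected {expected_port}"
            report.append((location, problem))
    if not report:
        raise ValueError("no soap:address element found in WSDL")
    return report

# Constructed sample WSDL fragments using the host name from the text above.
_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <service name="sample"><port name="p" binding="b">
    <soap:address location="{loc}"/>
  </port></service>
</definitions>"""
DESIGN_TIME = _WSDL.format(loc="http://cclaptop.ibi.com:9000/XDSOAPRouter")
SECURED = _WSDL.format(loc="https://cclaptop.ibi.com:443/XDSOAPRouter")

if __name__ == "__main__":
    for name, text in (("design-time", DESIGN_TIME), ("secured", SECURED)):
        for location, problem in endpoint_report(text, expected_port=443):
            print(f"{name}: {location} -> {problem or 'ok'}")
```
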

You must now provide the new SOAP listener port to whatever client needs to run the Web service in a secured mode. When the partner connects to obtain the WSDL, iBSP will automatically fix the location to fit the request it came from. For example, if the IP address was used or a secure port, then the IP address and port will be used in the service location. When that client attempts to run, the secured SOAP listener in iSM will use the keystore you specified on the listener for the SSL handshake and route the Web service to the repository of the configuration the listener was created in.

You can test this by running the iBSP test tool and using the following format:

https://host:port/license_name/webservice.ibs?OP=operation_name

You can now configure a process flow in iWay Designer using the Web service object. Provide the saved WSDL file to the Web service object and ensure that the iSM instance on which you will run the process flow is aware of your public certificate key.


iWay Software